FilesExpand file tree

 master

/

ReferFilter.java

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

85 lines (67 loc) · 2.69 KB

 master

/

ReferFilter.java

Top

File metadata and controls

• Code
• Blame

85 lines (67 loc) · 2.69 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

package org.joychou.filter;

import javax.servlet.*;

import javax.servlet.annotation.WebFilter;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import org.apache.commons.lang.StringUtils;

import org.joychou.config.WebConfig;

import org.joychou.security.SecurityUtil;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.util.AntPathMatcher;

import org.springframework.util.PathMatcher;

/**

* Check referer for all GET requests with callback parameters.

* If the check of referer fails, a 403 forbidden error page will be returned.

* <p>

* Still need to add @ServletComponentScan annotation in Application.java.

*/

@WebFilter(filterName = "referFilter", urlPatterns = "/*")

public class ReferFilter implements Filter {

@Override

public void init(FilterConfig filterConfig) throws ServletException {

}

private final Logger logger = LoggerFactory.getLogger(this.getClass());

@Override

public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)

throws IOException, ServletException {

HttpServletRequest request = (HttpServletRequest) req;

HttpServletResponse response = (HttpServletResponse) res;

String refer = request.getHeader("referer");

PathMatcher matcher = new AntPathMatcher();

boolean isMatch = false;

// 获取要校验Referer的Uri

for (String uri : WebConfig.getReferUris()) {

if (matcher.match(uri, request.getRequestURI())) {

isMatch = true;

break;

}

}

if (!isMatch) {

filterChain.doFilter(req, res);

return;

}

if (!WebConfig.getReferSecEnabled()) {

filterChain.doFilter(req, res);

return;

}

// Check referer for all GET requests with callback parameters.

String reqCallback = request.getParameter(WebConfig.getBusinessCallback());

if ("GET".equals(request.getMethod()) && StringUtils.isNotBlank(reqCallback)) {

// If the check of referer fails, a 403 forbidden error page will be returned.

if (SecurityUtil.checkURL(refer) == null) {

logger.info("[-] URL: " + request.getRequestURL() + "?" + request.getQueryString() + "\t"

+ "Referer: " + refer);

response.setStatus(HttpServletResponse.SC_FORBIDDEN);

response.getWriter().write(" Referer check error.");

response.flushBuffer();

return;

}

}

filterChain.doFilter(req, res);

}

@Override

public void destroy() {

}

}